author | Lance Bragstad <ldbragst@us.ibm.com> | 2014-05-13 14:02:29 +0000 |
---|---|---|
committer | Lance Bragstad <lbragstad@gmail.com> | 2014-06-23 15:41:58 +0000 |
commit | 491b29bed84db2156f2b0eec01c929cb9d8b13b6 (patch) | |
tree | cc666738bc63fc271bf7df1724078ea059ed6d9a /examples | |
parent | 1ca41569b3b57da3dc56bf48e9ba6a8c43dea1c8 (diff) | |
Make gen_pki.sh & debug_helper.sh bash8 compliant
Now that bash8 is available on PyPI we can use it to clean up the bash
scripts in Keystone. This also uses bash8 in tox. For now we can add
files to the tox check manually as we make them compliant.
Change-Id: I87a7478949114163f0614b1a6d8b249e14afe0df
Diffstat (limited to 'examples')
-rwxr-xr-x | examples/pki/gen_pki.sh | 113 |
1 files changed, 56 insertions, 57 deletions
diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh index 85369d29f..655502659 100755 --- a/examples/pki/gen_pki.sh +++ b/examples/pki/gen_pki.sh @@ -24,21 +24,21 @@ CMS_DIR=$CURRENT_DIR/cms function rm_old { - rm -rf $CERTS_DIR/*.pem - rm -rf $PRIVATE_DIR/*.pem + rm -rf $CERTS_DIR/*.pem + rm -rf $PRIVATE_DIR/*.pem } function cleanup { - rm -rf *.conf > /dev/null 2>&1 - rm -rf index* > /dev/null 2>&1 - rm -rf *.crt > /dev/null 2>&1 - rm -rf newcerts > /dev/null 2>&1 - rm -rf *.pem > /dev/null 2>&1 - rm -rf serial* > /dev/null 2>&1 + rm -rf *.conf > /dev/null 2>&1 + rm -rf index* > /dev/null 2>&1 + rm -rf *.crt > /dev/null 2>&1 + rm -rf newcerts > /dev/null 2>&1 + rm -rf *.pem > /dev/null 2>&1 + rm -rf serial* > /dev/null 2>&1 } function generate_ca_conf { - echo ' + echo ' [ req ] default_bits = 2048 default_keyfile = cakey.pem @@ -65,7 +65,7 @@ basicConstraints = critical,CA:true } function generate_ssl_req_conf { - echo ' + echo ' [ req ] default_bits = 2048 default_keyfile = keystonekey.pem @@ -86,7 +86,7 @@ emailAddress = keystone@openstack.org } function generate_cms_signing_req_conf { - echo ' + echo ' [ req ] default_bits = 2048 default_keyfile = keystonekey.pem @@ -107,7 +107,7 @@ emailAddress = keystone@openstack.org } function generate_signing_conf { - echo ' + echo ' [ ca ] default_ca = signing_ca 
@@ -138,75 +138,74 @@ commonName = supplied } function setup { - touch index.txt - echo '10' > serial - generate_ca_conf - mkdir newcerts + touch index.txt + echo '10' > serial + generate_ca_conf + mkdir newcerts } function check_error { - if [ $1 != 0 ] ; then - echo "Failed! rc=${1}" - echo 'Bailing ...' - cleanup - exit $1 - else - echo 'Done' - fi + if [ $1 != 0 ] ; then + echo "Failed! rc=${1}" + echo 'Bailing ...' + cleanup + exit $1 + else + echo 'Done' + fi } function generate_ca { - echo 'Generating New CA Certificate ...' - openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes - check_error $? + echo 'Generating New CA Certificate ...' + openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes + check_error $? } function ssl_cert_req { - echo 'Generating SSL Certificate Request ...' - generate_ssl_req_conf - openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes - check_error $? - #openssl req -in req.pem -text -noout + echo 'Generating SSL Certificate Request ...' + generate_ssl_req_conf + openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes + check_error $? + #openssl req -in req.pem -text -noout } function cms_signing_cert_req { - echo 'Generating CMS Signing Certificate Request ...' - generate_cms_signing_req_conf - openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes - check_error $? - #openssl req -in req.pem -text -noout + echo 'Generating CMS Signing Certificate Request ...' 
+ generate_cms_signing_req_conf + openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes + check_error $? + #openssl req -in req.pem -text -noout } function issue_certs { - generate_signing_conf - echo 'Issuing SSL Certificate ...' - openssl ca -in ssl_req.pem -config signing.conf -batch - check_error $? - openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem - check_error $? - echo 'Issuing CMS Signing Certificate ...' - openssl ca -in cms_signing_req.pem -config signing.conf -batch - check_error $? - openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem - check_error $? + generate_signing_conf + echo 'Issuing SSL Certificate ...' + openssl ca -in ssl_req.pem -config signing.conf -batch + check_error $? + openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem + check_error $? + echo 'Issuing CMS Signing Certificate ...' + openssl ca -in cms_signing_req.pem -config signing.conf -batch + check_error $? + openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem + check_error $? } function create_middleware_cert { - cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem - cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem + cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem + cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem } function check_openssl { - echo 'Checking openssl availability ...' - which openssl - check_error $? + echo 'Checking openssl availability ...' + which openssl + check_error $? 
} function gen_sample_cms { - for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json" - do - openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem} - done + for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"; do + openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem} + done } check_openssl |
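Review bot: In `create_middleware_cert`, `middleware.pem` is created by `cp` from the certificate and then has the SSL private key appended, and that key is generated with `-nodes` (unencrypted) in `ssl_cert_req`. The key therefore lands in `$CERTS_DIR` with the certificate's file mode, and no `umask` or `chmod` is visible in this hunk. Since the commit already rewrites both lines, I would build the file under a restrictive mask and quote the paths: `(umask 077; cat "$CERTS_DIR/ssl_cert.pem" "$PRIVATE_DIR/ssl_key.pem" > "$CERTS_DIR/middleware.pem")`. If a umask is set earlier in the script, outside the visible hunks, only the quoting applies. The same unquoted `$CERTS_DIR`, `$PRIVATE_DIR` and `$json_file` expansions occur in the `openssl` calls of `generate_ca`, `issue_certs` and `gen_sample_cms`.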